CVE-2026-44917

🗓️ 04 Jun 2026 00:00:00Reported by mitreType

CVE-2026-44917: Ironic before 35.0.2 lets project admins read local conductor files via pxe_template.

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2026-44917	4 Jun 202600:00	–	cvelist
Debian CVE	CVE-2026-44917	4 Jun 202600:00	–	debiancve
EUVD	EUVD-2026-34202	4 Jun 202600:00	–	euvd
NVD	CVE-2026-44917	4 Jun 202604:17	–	nvd
OSV	DEBIAN-CVE-2026-44917	3 Jun 202619:48	–	osv
Positive Technologies	PT-2026-46138	4 Jun 202600:00	–	ptsecurity

Vulners

CNA

Node

openstack ironicRange17.0.0–26.1.7

openstack ironicRange27.0.0–29.0.6

openstack ironicRange30.0.0–32.0.2

openstack ironicRange33.0.0–35.0.2

[
  {
    "defaultStatus": "unaffected",
    "product": "Ironic",
    "vendor": "OpenStack",
    "versions": [
      {
        "lessThan": "26.1.7",
        "status": "affected",
        "version": "17.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "29.0.6",
        "status": "affected",
        "version": "27.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "32.0.2",
        "status": "affected",
        "version": "30.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "35.0.2",
        "status": "affected",
        "version": "33.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
bugs	www.bugs.launchpad.net/ironic/+bug/2148319
openwall	www.openwall.com/lists/oss-security/2026/06/03/13

04 Jun 2026 04:17Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.9

CWE-669